Specifications
Additional Intranet Wireless Deployment Configurations
Summit WM20 Technical Reference Guide, Software Version 4.2
computer certificates installed on the IAS server, click Configure, and then select the appropriate
computer certificate. For Windows Server 2003 IAS, clear all other check boxes. Click EAP Methods
and add the Smart Card or Other Certificate EAP type. If you have multiple computer certificates
installed on the IAS server, click Edit, and then select the correct computer certificate.
● Profile, Encryption tab: If the wireless AP supports the MS-MPPE-Encryption-Policy and
MS-MPPE-Encryption-Types RADIUS attributes, clear all other check boxes except the Strongest check box.
This forces all wireless connections to use 128-bit encryption. If the wireless AP does not support
these attributes, clear all the check boxes except No encryption.
● Profile, Advanced tab (if the wireless AP supports VLANs):
    ● Add the Tunnel-Type attribute with the value of “Virtual LANs (VLAN)”.
    ● Add the Tunnel-Pvt-Group-ID attribute with the value of the VLAN ID of the VLAN that is
      connected to the Internet.
● If the wireless APs require vendor specific attributes (VSAs), you must add the VSAs to the
appropriate remote access policies. For more information, see the “Configure vendor-specific
attributes for a remote access policy” procedure previously described.
Using a Third-Party CA
You can use third-party CAs to issue certificates for wireless access as long as the certificates installed
can be validated and have the appropriate properties.
Certificates on IAS Servers
For the computer certificates installed on the IAS servers, the following must be true:
● They must be installed in the Local Computer certificate store.
● They must have a corresponding private key. When you view the properties of the certificate with
the Certificate snap-in, you should see the text “You have a private key that corresponds to this
certificate” on the General tab.
● The cryptographic service provider for the certificates must support SChannel. If it does not, the
IAS server cannot use the certificate, and the certificate cannot be selected in the properties of the
Smart Card or Other Certificate EAP type on the Authentication tab of the profile properties for a
remote access policy.
● They must contain the Server Authentication certificate purpose (also known as an Enhanced Key
Usage [EKU]). An EKU is identified using an object identifier (OID). The OID for Server
Authentication is “1.3.6.1.5.5.7.3.1”.
● They must contain the fully qualified domain name (FQDN) of the computer account of the IAS
server computer in the Subject Alternative Name property.
Additionally, the root CA certificates of the CAs that issued the wireless client computer and user
certificates must be installed in the Certificates (Local Computer)\Trusted Root Certification
Authorities\Certificates folder.
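The following PowerShell sketch checks the certificates in the Local Computer store against the private key, Server Authentication EKU, and Subject Alternative Name requirements listed above. It is an added example, not part of the original guide; the function name Test-IasServerCertificate and the sample FQDN are hypothetical, and it assumes a server with PowerShell 3.0 or later and English-language extension formatting.

```powershell
# Added example: Test-IasServerCertificate is a hypothetical helper, not a built-in cmdlet.
function Test-IasServerCertificate {
    param(
        # FQDN of the IAS server's computer account (constructed sample value)
        [string]$Fqdn = 'ias01.corp.example.com'
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU, as given in the text
    $sanOid        = '2.5.29.17'           # Subject Alternative Name extension

    # Requirement: the certificate is in the Local Computer (LocalMachine\My) store
    foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
        # Requirement: a corresponding private key is present
        $hasKey = $cert.HasPrivateKey

        # Requirement: the EKU extension explicitly lists Server Authentication.
        # A certificate with no EKU extension is reported as failing, because the
        # text requires the purpose to be contained in the certificate.
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $hasServerAuth = $false
        if ($ekuExt) {
            $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
            $hasServerAuth = $oids -contains $serverAuthOid
        }

        # Requirement: the SAN contains the server's FQDN as a DNS name.
        # Format($false) renders entries as "DNS Name=host.example.com, ..."
        $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
        $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }
        $pattern = '(^|,\s*)DNS Name=' + [regex]::Escape($Fqdn) + '\s*(,|$)'
        $hasFqdn = $sanText -match $pattern   # -match is case-insensitive

        [pscustomobject]@{
            Thumbprint               = $cert.Thumbprint
            Subject                  = $cert.Subject
            HasPrivateKey            = $hasKey
            ServerAuthEku            = $hasServerAuth
            SanHasFqdn               = $hasFqdn
            MeetsCheckedRequirements = $hasKey -and $hasServerAuth -and $hasFqdn
        }
    }
}
```

Run it as `Test-IasServerCertificate -Fqdn <server FQDN> | Format-Table -AutoSize` from an elevated session. It does not test whether the cryptographic service provider supports SChannel, so that requirement still has to be confirmed separately.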